Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3468
  • Last Modified:

1941 Router Config Mulit VLANs

Good day.  Am not knowledgeable at all when it comes to routing, the only experience I have had has been with 2811 and 3750 Ciscos.  The commands that I am familar with are not avail on a newly purchased 1941, and am getting confused as I continue to browse the Internet to find assistance.  Have 3 Vlans coming from a 3750 switch connecting to 1941 router on int g0/0 ethernet then going out on a different network through a tunnel to another location.  Have attached a jpg file of network diagram.  I am so confused!  I cannot use commands such as >int vlan #  or >switchport mode trunk (that I am familiar with) on this router.  I have a suspicion that I must use sub-interfaces on the port coming from the 3750, but do not know how to get them out.  And will require a point-to-point tunnel to direct the traffic.  Can anyone help me to get started on the right track?  I have erased and restarted this config many times.  There is alot of info on the Internet regarding basic router config with one Vlan, but not multiple.  Thanks. Network Diagram
0
hayesie
Asked:
hayesie
1 Solution
 
jmeggersCommented:
You're right that the switch commands don't work on the 1900 router.  If you really need to trunk VLANs over to the router, then you will have to use subinterfaces on the 1900.  Is there a reason not to route between VLANs on the 3750 switch and have a single layer 3 connection over to the router?  That would seem to me to make things more simple.
0
 
hayesieAuthor Commented:
There is no reason, other than I do not know how.  I have all of the configuration on the 3750 to allow all 3 Vlans to go through int g1/0/24 to connect to 1941 int g0/0.  The simplest most effective way is what I am looking for.  I have only ever configured 2811 with switch commands and routes.  Any help is appreciated.
0
 
hayesieAuthor Commented:
More to the above, the 3750 switch is acting only as a switch.  The Vlans do not communicate between each other at all.  What term would I search for on the Internet?
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 
GuruChiuCommented:
If your 3750 have L3 feature, you can turn on inter-VLAN routing by assign IP address for each VLAN interface you want to route (which looks like you already did), and type this command:

ip routing
0
 
hayesieAuthor Commented:
Figured that out, but what do I then configure on the 1941 router?
Still need a point to point connection or tunnel between 192.168.7.1 and 192.168.8.1
0
 
SouljaCommented:
The router will just handle traffic between the locations, while the 3750 will handle routing locally at the location. You can still have your vpn between the sites on the routers.
0
 
GuruChiuCommented:

You should have better result by opening another question with different title like "Setup a point to point GRE tunnel between a pair of Cisco 1941" so that people with that expertise can join in.

Anyway, this is a brief description of what need to be done to setup such link.

Determine do you want to encrypt the link.
Make sure you have connectivity between the two 1941. Find out the IPA and interface for such connection.
Setup GRE tunnel on the router.

e.g. on 192.168.7.1
interface tunnel 1
ip address 10.188.31.101 255.255.255.252
 tunnel source G0/0/0
 tunnel destination 10.16.96.2
 keepalive 10 3

on 192.168.8.1
interface tunnel 1
ip address 10.188.31.102 255.255.255.252
 tunnel source G0/0/0
 tunnel destination 10.188.31.98
 keepalive 10 3
0
 
hayesieAuthor Commented:
Sorry, wouldn't the tunnel destination be the gateway of the 1941 routers?
192.168.7.1 and 192.168.8.1

and the IP's 10.188.31.101 and 102 are out of the scope of the 10.188.31.98/30 net.

A little more confused.  
0
 
GuruChiuCommented:
IPs for the tunnel should be in a new subnet, not used anywhere else. I just invent a new one 10.188.31.100/30.

The destination is how the peer able to reach. In your diagram, 192.168.8.1 reach 192.168.7.1 through the interface G0/0/0 on VLAN 920.

0
 
hayesieAuthor Commented:
Well I did it this way.  I am going to do the other router the same with the differing IP's.  Does it look alright to you?  Thanks for your help btw.

sh run      sh run
Building configuration...

Current configuration : 1957 bytes
!
! Last configuration change at 16:07:17 mst Fri Sep 23 2011
! NVRAM config last updated at 16:07:18 mst Fri Sep 23 2011
!
version 15.0
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname 1941_WX_172
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$svB1$GkpfnRsbYzuu8wEgQgGPr.
!
no aaa new-model
clock timezone mst 0
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941/K9 sn FGL1509222W
!
!
vtp domain Exnet
vtp mode transparent
!
!
!
!
!
!
interface Tunnel1
 ip address 192.168.10.9 255.255.255.252
 keepalive 10 3
 tunnel source GigabitEthernet0/0/0
 tunnel destination 10.16.96.2
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1
 ip address 192.9.210.17 255.255.255.0
!
interface GigabitEthernet0/0.400
 encapsulation dot1Q 400 native
 ip address 192.168.7.1 255.255.255.0
!
interface GigabitEthernet0/0.402
 encapsulation dot1Q 402
 ip address 192.168.14.1 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!

   
0
 
hayesieAuthor Commented:
oops forgot half of it....  Here it is in whole:

sh run      sh run
Building configuration...

Current configuration : 1957 bytes
!
! Last configuration change at 16:07:17 mst Fri Sep 23 2011
! NVRAM config last updated at 16:07:18 mst Fri Sep 23 2011
!
version 15.0
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname 1941_WX_172
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$svB1$GkpfnRsbYzuu8wEgQgGPr.
!
no aaa new-model
clock timezone mst 0
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941/K9 sn FGL1509222W
!
!
vtp domain Exnet
vtp mode transparent
!
!
!
!
!
!
interface Tunnel1
 ip address 192.168.10.9 255.255.255.252
 keepalive 10 3
 tunnel source GigabitEthernet0/0/0
 tunnel destination 10.16.96.2
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1
 ip address 192.9.210.17 255.255.255.0
!
interface GigabitEthernet0/0.400
 encapsulation dot1Q 400 native
 ip address 192.168.7.1 255.255.255.0
!
interface GigabitEthernet0/0.402
 encapsulation dot1Q 402
 ip address 192.168.14.1 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 ip address 10.188.31.98 255.255.255.252
 negotiation auto
!
router ospf 1000
 router-id 192.9.210.17
 log-adjacency-changes
 network 192.9.210.0 0.0.0.255 area 0
 network 192.168.9.0 0.0.0.255 area 0
!
router ospf 2000
 router-id 192.168.7.1
 log-adjacency-changes
 network 192.168.7.0 0.0.0.255 area 51
 network 192.168.8.0 0.0.0.255 area 51
 network 192.168.14.0 0.0.0.255 area 51
!
ip default-gateway 192.168.7.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
 password 7 00081C120B560A1E
 login
line aux 0
line vty 0 4
 password 7 0308541F09022054
 login
line vty 5 15
 password 7 0308541F09022054
 login
!
scheduler allocate 20000 1000
end
0
 
GuruChiuCommented:
looks good to me.
0
 
hayesieAuthor Commented:
Thanks so much for your help, I really appreciate it.
0

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now